Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix k8s for example for rootCAs serversTransport #9274

Merged
merged 1 commit into from Aug 24, 2022
Merged

Fix k8s for example for rootCAs serversTransport #9274

merged 1 commit into from Aug 24, 2022

Conversation

ben-krieger
Copy link
Contributor

What does this PR do?

It fixes a configuration example which doesn't match documentation.

The rootCAs (for serversTransport) secret data used the key tls.crt, but it must be either ca.crt or tls.ca according to the docs at https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#kind-serverstransport.

Motivation

I was wondering if a cert-manager.io/Certificate secret could be used to provide the CA. It didn't appear so from the example, since the leaf certificate would be used, but when I looked at the docs, it became clear that it would work as expected.

@ben-krieger
Fix k8s for example for rootCAs serversTransport
39793eb 
The secret data used the key "tls.crt", but it must be either "ca.crt" or "tls.ca" according to the docs at https://doc.traefik.io/traefik/routing/providers/kubernetes-crd/#kind-serverstransport.
mpl
mpl reviewed Aug 24, 2022
View reviewed changes
docs/content/routing/services/index.md
@@ -677,7 +677,7 @@ metadata:
name: myca

data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FYI, I see in the code that we apparently use whatever's in data (as long as there's only one field) anyway, so it seems that the existing example would have worked nonetheless. And there's a comment saying we're supposed to drop that behaviour at some point.
But yeah, better be matching the doc.

@ldez ldez added status/3-needs-merge bot/light-review decreases the number of required LGTM from 3 to 1. and removed status/2-needs-review labels Aug 24, 2022
@ldez ldez added this to To review in v2 via automation Aug 24, 2022
@ldez ldez added this to the 2.8 milestone Aug 24, 2022
@traefiker traefiker merged commit dfa1f3f into traefik:v2.8 Aug 24, 2022
v2 automation moved this from To review to Done Aug 24, 2022
@traefiker traefiker removed status/3-needs-merge bot/light-review decreases the number of required LGTM from 3 to 1. labels Aug 24, 2022
@ben-krieger ben-krieger deleted the patch-1 branch August 24, 2022 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mpl mpl mpl approved these changes

Assignees
No one assigned
Labels
area/documentation area/provider/k8s/crd size/S
Projects
No open projects
v2
Done
Milestone
2.8
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@ben-krieger @mpl @ldez @rtribotte @traefiker